Sunday, February 11, 2018

I found this very good tutorial on a Chinese blog, so it has been translated and reproduced here:

What you see in the picture below Directory Listing in Apache server settings. And this is turned on by default.

To check if you have this problem, try to visit a directory in your apache server location with a browser, such as localhost/someFolder and you will see the contents of this folder. Webmasters and website owners generally don't want this activated because they don't want strangers to browse the contents of their website.

If you see something similar to the above photo, you got this problem as well.

While it might not be a huge security problem to your site, it certainly makes you not comfortable, and it is also not a very pleasant experience for users to crash into your directory like this.

However, it is actually very easy to turn it off in Ubuntu, here is how.

1. Navigate to /etc/apache2

2. From there, you will find a file named :

apache2.conf

3. Open apache2.conf with your favourite text editor. If you don't know how to edit a text file on a server, find some help on Google.

4. Find this line: ( there are actually two lines of these, one's under <Directory /var/www/>, and another one is under <Directory /srv/>, for now, we will work on the former one since that's where our website is in.)

Options Indexes FollowSymLinks

5. Remove 'Indexes' from this line, so that it will look like this

Options FollowSymLinks

6. Save the file, open a terminal then restart apache.

sudo service apache2 restart

And we are done, try to visit a directory under your web var/www in a browser, and you will get a 403 forbidden error.